Tuesday 16 July 2024, 11am-12noon (BST)
Role-based access control (RBAC) is a fundamental component of authorisation in the Kubernetes ecosystem. This talk explored the challenges of reviewing RBAC, specifically within managed Azure Kubernetes Service (AKS) environments.
We dove into a real-world attack scenario involving a Grafana open-source analytics and monitoring pod, where the attacker used an application-level attack to abuse a privileged Service Account, resulting in privilege escalation.
We then saw how the attacker exploited default AKS deployment settings to access AKS nodes and sensitive Kubelet secret keys, allowing them to maintain persistence within the AKS environment and access pods and services.
In this session, we gained insights into attacker techniques as well as the dangers of privilege escalation, and learned how to address vulnerabilities in AKS deployments.
Chaired by
Danny King, Managing Director, The SASIG
Presented by
Sadi Zane, Managing Consultant – Red Team & Orchestration Lead, BSI